On Thu, Nov 14, 2002 at 06:02:48PM -0800, Scott Miller wrote: > If you guys want to be super paranoid about this, we can use a > secret-sharing scheme or just multiple signatures, but store the private > keys on physical security tokens (such as http://www.ibutton.com).
That wouldn't prevent someone from tricking a developer or developers into signing a modified jar. Ian. -- Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] Latest Project http://cematics.com/kanzi Personal Homepage http://locut.us/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021114/28f3ca53/attachment.pgp>
